The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

please help me get these slashes taken care of

ok, I have a field in the db and a text field for the title. I user the following regexp to check the characters

PHP Code:

if (!ereg('^[a-zA-Z0-9.:\'\" ]+$', $title))

That works great. The trouble I have is that the site is hosted and I cannot turn off magic_quotes. So if I do nothing else with the text and it has a " in it it goes into the database fine. The trouble comes when I want to allow the user to edit it.

I just pull out the value and use

PHP Code:

value="<?php echo($abstract->title); ?>">

for the text box to show the current value and allow the user to edit. I do not do any add or strip slashes up to this point now have I anywhere else.

The problem is that if I end the title in " they don't show up in the text field. It seems like it is ending the form field early and it is not escaped.

The title is this test value: here is an: 'idea"
and if I leave it like that what I get in the text box is here is an: 'idea
So I thought I would try addslashes to excape the double quote at the end...that only left me with... here is an: \\\'idea\\\

Does anyone know how I can get this to work right. I cannot change the magic_quotes so I need to work on it manually I guess. I just am not sure if I should be trying to put in quotes somehow before I enter the data in the database, after I pull it out or what...

Thanks for the help. I am running out of hair to pull out.

mitechie.com
"Techies just think a little differently
...at least that is what they keep telling me."

this doesn't sound like a magic_quotes or addslashes() issue, but an HTML one. where you put the value in the form, use htmlspecialchars():

PHP Code:

value="<?php echo htmlspecialchars($abstract->title); ?>">

- Matt ** Ignore old signature for now... **
Dr.BB - Highly optimized to be 2-3x faster than the "Big 3." "Do not enclose numeric values in quotes -- that is very non-standard and will only work on MySQL." - MattR

I ended up useing an ereg_replce to replace the quotes with &quot; and single quotes with &#38;

The problem I had using htmlspecialchar was that if I pulled up the text a second time after an initial edit it would conver the & in &quot to &amp and then I would not get the quot in the text box. So I had to use the ereg_replace to ONLY replace quotes and not the rest of the things that htmlspecialchar catches.

mitechie.com
"Techies just think a little differently
...at least that is what they keep telling me."